From: Rameshkumar Sundaram <rameshkumar.sundaram@oss.qualcomm.com>
To: Nicolas Escande <nico.escande@gmail.com>, ath11k@lists.infradead.org
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH 2/2] wifi: ath11k: fix error path leaks in some WMI calls
Date: Tue, 5 May 2026 22:53:40 +0530
Message-ID: <151425e9-564d-4d61-b37d-3eef9bc54b6f@oss.qualcomm.com>
In-Reply-To: <20260502071453.2379188-3-nico.escande@gmail.com>

On 5/2/2026 12:44 PM, Nicolas Escande wrote:
> This is the same pattern that was previously identified as problematic:
> direct 'return ath11k_wmi_cmd_send(...)' will leak the skb in the error
> path if it is not explicitly handled.
>
> Fixes: c417b247ba04 ("ath11k: implement hardware data filter")
> Fixes: 9cbd7fc9be82 ("ath11k: support MAC address randomization in scan")
> Fixes: ba9177fcef21 ("ath11k: Add basic WoW functionalities")
> Fixes: fec4b898f369 ("ath11k: Add WoW net-detect functionality")
> Fixes: c3c36bfe998b ("ath11k: support ARP and NS offload")
> Fixes: a16d9b50cfba ("ath11k: support GTK rekey offload")
> Fixes: 652f69ed9c1b ("ath11k: Add support for SAR")
> Fixes: 0f84a156aa3b ("ath11k: Handle keepalive during WoWLAN suspend and resume")
> Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
> ---
> drivers/net/wireless/ath/ath11k/wmi.c | 112 ++++++++++++++++++++++----
> 1 file changed, 96 insertions(+), 16 deletions(-)
>
> diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c
> index 024c2aad9fb4..dca6e011cc40 100644
> --- a/drivers/net/wireless/ath/ath11k/wmi.c
> +++ b/drivers/net/wireless/ath/ath11k/wmi.c
> @@ -9299,7 +9299,7 @@ int ath11k_wmi_hw_data_filter_cmd(struct ath11k *ar, u32 vdev_id,
> {
> struct wmi_hw_data_filter_cmd *cmd;
> struct sk_buff *skb;
> - int len;
> + int ret, len;
>
> len = sizeof(*cmd);
> skb = ath11k_wmi_alloc_skb(ar->wmi->wmi_ab, len);
> @@ -9324,7 +9324,13 @@ int ath11k_wmi_hw_data_filter_cmd(struct ath11k *ar, u32 vdev_id,
> "hw data filter enable %d filter_bitmap 0x%x\n",
> enable, filter_bitmap);
>
> - return ath11k_wmi_cmd_send(ar->wmi, skb, WMI_HW_DATA_FILTER_CMDID);
> + ret = ath11k_wmi_cmd_send(ar->wmi, skb, WMI_HW_DATA_FILTER_CMDID);
> + if (ret) {
> + ath11k_warn(ar->ab, "failed to send WMI_HW_DATA_FILTER_CMDID\n");
> + dev_kfree_skb(skb);
> + }
> +
> + return ret;
> }
>
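Review bot: the ath11k_warn() added in the error branch of ath11k_wmi_hw_data_filter_cmd() does not print ret, so the log says the send failed but not why. Consider "failed to send WMI_HW_DATA_FILTER_CMDID: %d\n" with ret as the argument. Freeing the skb inside the same branch looks right, since the function returns ret immediately afterwards and does not touch skb again.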
{ .. }
> @@ -10053,7 +10127,13 @@ int ath11k_wmi_sta_keepalive(struct ath11k *ar,
> "sta keepalive vdev %d enabled %d method %d interval %d\n",
> arg->vdev_id, arg->enabled, arg->method, arg->interval);
>
> - return ath11k_wmi_cmd_send(wmi, skb, WMI_STA_KEEPALIVE_CMDID);
> + ret = ath11k_wmi_cmd_send(wmi, skb, WMI_STA_KEEPALIVE_CMDID);
> + if (ret) {
> + ath11k_warn(ar->ab, "failed to send WMI_STA_KEEPALIVE_CMDID\n");
> + dev_kfree_skb(skb);
> + }
> +
> + return ret;
> }
>
> bool ath11k_wmi_supports_6ghz_cc_ext(struct ath11k *ar)
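Review bot: in ath11k_wmi_sta_keepalive() the new failure warning carries less context than the debug line just above it, which logs arg->vdev_id, so the warning will not say which vdev the keepalive command failed for. Suggest including arg->vdev_id and ret in the message, for example "failed to send WMI_STA_KEEPALIVE_CMDID for vdev %d: %d\n".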
Thanks for fixing these. One more instance of the same pattern remains
in ath11k_tm_cmd_wmi_ftm().
Please add dev_kfree_skb(skb) before goto out, matching
ath11k_tm_cmd_wmi() above.
--
Ramesh